Ben N

**Name of the Vulnerable Software and Affected Versions** Terminology versions prior to 1.3.1 **Description** The issue allows Remote Code Execution due to the mishandling of popmedia. This can be demonstrated by an unsafe command, such as "cat README.md", when a specific sequence is used. A popmedia control sequence can enable the malicious execution of executable file formats registered in the X desktop share MIME types. The sequence defers unknown file types to the handle unknown media() function, which executes xdg-open against the specified filename. This allows executable file formats with a registered shared MIME type to be executed. An attacker can achieve remote code execution by introducing an executable file and a plain text file containing the control sequence, for example, through a fake software project. When the control sequence is rendered, the executable file will be run. **Recommendations** For versions prior to 1.3.1, update to version 1.3.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `handle unknown media()` function or disabling the execution of unknown file types through `xdg-open` until a patch is available. Avoid using the `xdg-open` command for unknown file types in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Oracle WebCenter Interaction Portal version 10.3.3 **Description** The issue concerns a reflected cross-site scripting (XSS) problem. Specifically, user input from the `name` parameter is unsafely reflected in the server response by the `AjaxView::DisplayResponse()` function of the portalpages.dll assembly. **Recommendations** For Oracle WebCenter Interaction Portal version 10.3.3, consider restricting the use of the `AjaxView::DisplayResponse()` function until a resolution is available. Avoid using the `name` parameter in affected API endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle WebCenter Interaction Portal version 10.3.3 **Description** The login function of the portal is vulnerable to insecure redirection, also known as an open redirect. The `in hi redirect` parameter is not validated by the application after a successful login. **Recommendations** For Oracle WebCenter Interaction Portal version 10.3.3, as a temporary workaround, consider validating the `in hi redirect` parameter after a successful login to prevent insecure redirection. However, since Oracle WebCenter Interaction Portal is out of support, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Oracle WebCenter Interaction Portal version 10.3.3 **Description** The login function is susceptible to reflected cross-site scripting (XSS) due to the unsafe reflection of the content of the `in hi redirect` parameter in an HTML META tag in the HTTP response, specifically when the parameter is prefixed with the https:// scheme. **Recommendations** For Oracle WebCenter Interaction Portal version 10.3.3, as a temporary workaround, consider restricting the use of the `in hi redirect` parameter in the login function until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Oracle WebCenter Interaction Portal version 10.3.3 **Description** The issue concerns the lack of protection against Cross-site Request Forgery in the design of the portal, which can lead to sensitive actions being performed, such as changing a portal user's password. **Recommendations** For Oracle WebCenter Interaction Portal version 10.3.3, consider implementing additional security measures to protect against Cross-site Request Forgery, such as validating request tokens or using same-site cookies, as the product is out of support and no official patch is expected.

**Name of the Vulnerable Software and Affected Versions** Oracle WebCenter Interaction version 10.3.3 **Description** The Oracle WebCenter Interaction search service queryd.exe binary contains a hardcoded password `i1g2s3c4`. This password is used for authentication to the search service and cannot be customized. An adversary with network access to the service could exploit this to perform search queries and extract large quantities of sensitive information. **Recommendations** For Oracle WebCenter Interaction version 10.3.3, consider restricting access to the search service to minimize the risk of exploitation, as the hardcoded password cannot be changed. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle WebCenter Interaction Portal version 10.3.3 **Description** A security issue exists where the ASP.NET SessionID primary session cookie is not protected with the HttpOnly attribute when Internet Information Services (IIS) with ASP.NET is used. This exposes the cookie to session hijacking attacks if an adversary can execute JavaScript in the origin of the portal installation. **Recommendations** For Oracle WebCenter Interaction Portal version 10.3.3, consider restricting access to sensitive areas of the portal to minimize the risk of session hijacking until a more permanent solution can be found. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle WebCenter Interaction Portal version 10.3.3 **Description** An issue was discovered in the portal component of Oracle WebCenter Interaction Portal, which is delivered with an insecure default User Profile community configuration. This configuration allows anonymous users to retrieve the account names of all portal users via the "/portal/server.pt/user/user/" endpoint. When synchronized with Active Directory (AD), this issue can expose the account names of all AD users. **Recommendations** For Oracle WebCenter Interaction Portal version 10.3.3, consider restricting access to the "/portal/server.pt/user/user/" endpoint to prevent anonymous users from retrieving account names. Additionally, review and modify the default User Profile community configuration to enhance security. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle WebCenter Interaction Portal version 10.3.3 **Description** The issue concerns the AjaxControl component, which fails to validate page names during rename requests. This allows pages to be renamed with characters unsupported by the web server, such as 0x7f, leading to a Denial of Service (DoS) as these pages become inaccessible over the web server. **Recommendations** For Oracle WebCenter Interaction Portal version 10.3.3, consider restricting the ability to rename pages to authorized personnel and implement validation to prevent the use of unsupported characters in page names. As a temporary workaround, monitor page rename requests to prevent the inclusion of unsupported characters. At the moment, there is no information about a newer version that contains a fix for this vulnerability.